CVE-2024-30097

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 12 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 1507 Version < 10.0.10240.20680

Microsoft ≫ Windows 10 1607 Version < 10.0.14393.7070

Microsoft ≫ Windows 10 1809 Version < 10.0.17763.5936

Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.4529

Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.4529

Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.3019

Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.3737

Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.3737

Microsoft ≫ Windows Server 2016 Version < 10.0.14393.7070

Microsoft ≫ Windows Server 2019 Version < 10.0.17763.5936

Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2522

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.07%	0.88

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Patch

Vendor Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD

Team-orientierte Vulnerability Management Plattform